1. Context

Secret managers securely store sensitive data like API keys and passwords, preventing hardcoded secrets and reducing exposure risks. They provide encrypted storage, access control, and automated rotation, ensuring secure management of credentials across distributed applications. It is crucial, especially in cloud environments, to be able to use such services.

2. Prerequisites

A Camel integration to be deployed on OpenShift.

3. Goal

Provide a configuration example to retrieve Hashicorp Vault secrets and use them in a Camel integration.

4. Configuration

First of all, everything that follows is supported by simply adding the camel-hashicorp-vault component to your classpath.

To set up secret retrieval with Hashicorp Vault, you first have to authenticate to the Hashicorp Vault service. The mechanisms are:

Static credentials in application.properties:

camel.vault.hashicorp.token = token
camel.vault.hashicorp.host = host
camel.vault.hashicorp.port = port
camel.vault.hashicorp.scheme = scheme

Once we have a Hashicorp Vault instance running, or an existing Hashicorp Vault instance to point to, we can create the secret via the vault CLI:

vault kv put secret/authsecdb username="username" password="password" host="host"

The secret name will be authsecdb and the secret fields will be username, password and host. The Secret engine will be secret in this case.

In the Camel route, it is enough to use the following syntax and the secret fields will be retrieved.

{{hashicorp:secret:authsecdb/host}}
{{hashicorp:secret:authsecdb/username}}
{{hashicorp:secret:authsecdb/password}}

For more information about the usable syntax, see Hashicorp Vault Property Function.
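As an added example (not from the original article or the Camel project), the following Python script scans route text for the placeholder form shown above and derives the Vault paths that the token set in camel.vault.hashicorp.token must be able to read, so the static token can be scoped to those secrets only. It assumes a KV engine mounted under the engine name (KV v2 by default, which serves data under <mount>/data/<secret>); the function names and the sample route are constructed for illustration.

```python
import re
from collections import defaultdict

# Placeholder form shown on this page: {{hashicorp:<engine>:<secret>/<field>}}
PLACEHOLDER = re.compile(r"\{\{hashicorp:([^:{}/\s]+):([^{}\s:]+)/([^/{}\s:@#]+)\}\}")

def find_placeholders(text):
    """Return sorted unique (engine, secret, field) tuples referenced in text."""
    return sorted(set(PLACEHOLDER.findall(text)))

def required_paths(text, kv_version=2):
    """Map each referenced secret to the Vault path the token must read.

    Assumption: the engine name is the mount point of a KV engine; KV v2
    serves secret data under <mount>/data/<secret>, KV v1 under <mount>/<secret>.
    """
    paths = defaultdict(set)
    for engine, secret, field in find_placeholders(text):
        prefix = f"{engine}/data/" if kv_version == 2 else f"{engine}/"
        paths[prefix + secret].add(field)
    return {path: sorted(fields) for path, fields in sorted(paths.items())}

def read_only_policy(text, kv_version=2):
    """Render a Vault policy granting read on exactly the referenced secrets."""
    stanzas = [
        f'path "{path}" {{\n  capabilities = ["read"]\n}}'
        for path in required_paths(text, kv_version)
    ]
    return "\n\n".join(stanzas)

# Constructed sample: a YAML DSL route fragment using the page's placeholders.
SAMPLE_ROUTE = """
- from:
    uri: "timer:poll?period=60000"
    steps:
      - setProperty:
          name: dbHost
          constant: "{{hashicorp:secret:authsecdb/host}}"
      - setProperty:
          name: dbUser
          constant: "{{hashicorp:secret:authsecdb/username}}"
      - setProperty:
          name: dbPassword
          constant: "{{hashicorp:secret:authsecdb/password}}"
"""

if __name__ == "__main__":
    print(read_only_policy(SAMPLE_ROUTE))
```

The printed policy can be loaded into Vault and attached to the token used by the integration, instead of configuring a broadly privileged token.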

The same configuration could be seen on OCP by following the Camel on OCP Best Practices repository, in particular, the Hashicorp vault section. You can follow the example for both the runtimes supported by Red Hat Build of Apache Camel: